path: root/usr.bin/ssh/ssh-keygen.c
Commit message | Author | Age | Files | Lines
...
* replace our obsolete smartcard code with PKCS#11. | markus | 2010-02-08 | 1 | -60/+24
  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
  ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process.
  PKCS#11 is currently a compile time option.
  feedback and ok djm@; inspired by patches from Alon Bar-Lev
* when converting keys, truncate key comments at 72 chars as per RFC4716; | djm | 2010-01-11 | 1 | -4/+8
  bz#1630 reported by tj AT castaglia.org; ok markus@
* force use of correct hash function for random-art signature display | djm | 2009-08-27 | 1 | -4/+4
  as it was inheriting the wrong one when bubblebabble signatures were activated; bz#1611 report and patch from fwojcik+openssh AT besh.com; ok markus@
* alphabetize includes; reduces diff vs portable and style(9). ok stevesk djm | dtucker | 2009-06-22 | 1 | -2/+2
* Added missing newlines in error messages. | tobias | 2009-02-21 | 1 | -8/+8
  ok dtucker
* spelling/typo in comment | stevesk | 2008-11-07 | 1 | -2/+2
* Change "ssh-keygen -F [host] -l" to not display random art unless | sthen | 2008-07-13 | 1 | -3/+5
  -v is also specified, making it consistent with the manual and other uses of -l. ok grunk@
* make ssh-keygen -lf show the key type just as ssh-add -l would do it | grunk | 2008-06-12 | 1 | -5/+7
  ok djm@ markus@
* ssh-keygen would write fingerprints to STDOUT, and random art to STDERR, | grunk | 2008-06-11 | 1 | -4/+7
  that is not how it was envisioned. Also correct manpage saying that -v is needed along with -l for it to work. spotted by naddy@
* ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub | grunk | 2008-06-11 | 1 | -3/+3
  would not display you the random art as intended, spotted by canacar@
* Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the | grunk | 2008-06-11 | 1 | -4/+17
  graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin.

  Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
  http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf

  The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard.
  Graphs are not unambiguous for now, because circles in graphs can be walked in either direction.

  discussions with several people, help, corrections and ok markus@ djm@
* support -l (print fingerprint) in combination with -F (find host) to | djm | 2008-05-19 | 1 | -7/+23
  search for a host in ~/.ssh/known_hosts and display its fingerprint; ok markus@
* unbreak line numbering (broken in revision 1.164), fix error message | djm | 2008-01-19 | 1 | -6/+7
* when hashing individual hosts (ssh-keygen -Hf hostname), make sure we | djm | 2008-01-19 | 1 | -3/+4
  hash just the specified hostname and not the entire hostspec from the keyfile. It may be of the form "hostname,ipaddr", which would lead to a hash that never matches. report and fix from jp AT devnull.cz
* handles zero-sized strings that fgets can return | chl | 2007-10-02 | 1 | -9/+7
  properly removes trailing newline
  removes an unused variable
  correctly counts line number
  "looks ok" ray@ markus@
* use strcspn to properly overwrite '\n' in fgets returned buffer | gilles | 2007-09-11 | 1 | -5/+3
  ok pyr@, ray@, millert@, moritz@, chl@
* sort synopsis and options in ssh-agent(1); usage is lowercase | sobrado | 2007-09-09 | 1 | -2/+2
  ok jmc@
* spaces | stevesk | 2007-01-21 | 1 | -3/+3
* more secsh -> rfc 4716 updates; | jmc | 2007-01-12 | 1 | -3/+3
  spotted by wiz@netbsd
  ok markus
* spaces | stevesk | 2007-01-03 | 1 | -3/+3
* remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan | stevesk | 2007-01-03 | 1 | -4/+3
* use argc and argv not some made up short form | deraadt | 2006-11-14 | 1 | -6/+6
* add missing checks for openssl return codes; with & ok djm@ | markus | 2006-11-06 | 1 | -2/+3
* almost entirely get rid of the culture of ".h files that include .h files" | deraadt | 2006-08-03 | 1 | -4/+2
  ok djm, sort of ok stevesk
  makes the pain stop in one easy step
* move #include <stdio.h> out of includes.h | stevesk | 2006-08-01 | 1 | -1/+2
* move #include <stdlib.h> out of includes.h | stevesk | 2006-07-26 | 1 | -1/+2
* move #include <sys/param.h> out of includes.h | stevesk | 2006-07-26 | 1 | -1/+2
* move #include <string.h> out of includes.h | stevesk | 2006-07-22 | 1 | -1/+2
* move #include <unistd.h> out of includes.h | stevesk | 2006-07-17 | 1 | -1/+2
* move #include <errno.h> out of includes.h; ok markus@ | stevesk | 2006-07-11 | 1 | -1/+2
* move #include <fcntl.h> out of includes.h | stevesk | 2006-07-09 | 1 | -1/+2
* move #include "dns.h" up | stevesk | 2006-07-06 | 1 | -2/+2
* move #include <pwd.h> out of includes.h; ok markus@ | stevesk | 2006-07-06 | 1 | -1/+3
* fix leak; coverity via Kylene Jo Hall | markus | 2006-05-17 | 1 | -2/+4
* Correctly handle truncated files while converting keys; ok djm@ | dtucker | 2006-03-30 | 1 | -1/+3
* cast strtonum() result to right type | deraadt | 2006-03-25 | 1 | -5/+6
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that | djm | 2006-03-25 | 1 | -0/+1
  Theo nuked - our scripts to sync -portable need them in the files
* annoying spacing fixes getting in the way of real diffs | deraadt | 2006-03-20 | 1 | -3/+4
* RCSID() can die | deraadt | 2006-03-19 | 1 | -1/+0
* if no key files are given when printing the DNS host record, use the | jakob | 2006-03-15 | 1 | -10/+32
  host key file(s) as default. ok djm@
* Make ssh-keygen handle CR and CRLF line termination when converting IETF | dtucker | 2006-03-13 | 1 | -9/+33
  format keys, in addition to vanilla LF. mindrot #1157, tested by Chris Pepper, ok djm@
* move #include <sys/stat.h> out of includes.h; ok markus@ | stevesk | 2006-02-20 | 1 | -1/+4
* Populate default key sizes before checking them; from & ok tim@ | dtucker | 2005-11-29 | 1 | -3/+3
* Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, | dtucker | 2005-11-28 | 1 | -2/+4
  increase minimum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@.
* generate a protocol 2 RSA key by default | djm | 2005-10-31 | 1 | -5/+4
* no need to escape single quotes in comments, no binary change | djm | 2005-10-30 | 1 | -2/+2
* no trailing "\n" for log functions; ok djm@ | stevesk | 2005-10-14 | 1 | -3/+3
* change DSA default back to 1024, as it's defined for 1024 bits only | markus | 2005-10-07 | 1 | -3/+9
  and this causes interop problems with other clients. moreover, in order to improve the security of DSA you need to change more components of DSA key generation (e.g. the internal SHA1 hash); ok deraadt
* ensure that stdio fds are attached; ok deraadt@ | djm | 2005-09-13 | 1 | -1/+4
* knf says that a 2nd level indent is four (not three or five) spaces | djm | 2005-07-17 | 1 | -2/+2